Fake president
An accounting company specialized in technology has received a request about an account balance from managing director of the company sent from “his” phone if it is possible to make a payment for almost 28.000 EUR. The accountant responded immediately and informed the director about the current account balance as well as about the exchange rate.
The attacker ordered to send the payment immediately according to his payment instructions with a promise to provide the invoice later. The accountant entered and authorized the payment order. The real managing director was on previously announced business trip at the moment, thus it is not possible to simply verify the transaction with him.
Thanks to bank control, it was found out that the payment meets parameters of a fake president fraud. The client confirmed the fraud after contacting the director. In this specific case, nearly 28.000 EUR was saved to the client.
Fake invoice
Client dealing with production of chemicals made an agreed payment towards one of his foreign business partners. During the e-mail communication, the alleged business partner informed the client about the necessity of alternative payment instructions with an excuse for technical reasons. The client sent the payment towards changed account number in good faith.
KB team found discrepancy between countries of beneficiary and the bank. As per recommendation, the client verified account number over the phone with the counterpart and confirmed fraud. Client was saved from losing nearly 18.000 EUR.
Social engineering
Client in pensionable age, Ms Alena from Prague, sent money to a person in Turkey. After being contacted by KB employee, it was found out that payment is going to customs office in Turkey, where they keep a package from her alleged boyfriend from the internet.
We warned the client about payment characteristics fully responding to the scheme of fraud practice and in the end, she made the decision to cancel the transaction. The client was saved from losing nearly 1500 EUR.
Advertisement scam – vehicle
Client from Ostrava found on domestic advertisement portal a favourable offer for sale of his dream vehicle. After contacting the seller it was found out that the vehicle is not situated in Czech Republic and the seller communicates in English. Due to a legend made-up by fraudster it was necessary to sell the vehicle because of ecological taxes outside Germany, from where the seller was supposed to be and money was transferred to Great Britain, while the seller was working as a doctor in Greece due to his legend. Warrantor of the transaction was supposed to be a shipping company represented by natural person. Does it seem complicated? Unfortunately even such stories might be successful and the only thing standing between the victim and the fraudster were our employees. After contacting the client and verifying all fraudulent characteristics of the case, the transaction was not proceeded. We saved our client over 5000 EUR.
Advertisement scam – accommodation
Client from central Bohemia, who was searching for an accommodation, found on the internet an advertisement, which was backed by a logo of well-known portal offering shared accommodation. However, this communication was based on e-mail conversation outside the official portal of the accommodation provider and the fraudster also offered the lease for lower price. Typical characteristics of this fraud is a payment required by bank transfer instead of payment card and is going to natural person, who has often an atypical name due to the recipient country. In this case we revealed this features and warned client about this fact. For his next travelling, he had 1700 EUR more.
Fraudulent investments
An older client from the Olomouc region received an offer by email for advantageous investments in cryptocurrencies. After filling in the basic information, he was contacted by a counterparty with a request to install an application that will allow "traders" to manage his portfolio. In this way, they looked at part of the login details for the client and provided the rest to them voluntarily. The result was a series of outbound transactions. Although these were real purchases of cryptocurrencies, but as you already know, not on behalf of the client, but fraudsters.
Vishing
The client was called very early in the morning by a young man posing as a KB employee, saying that a fraudulent transaction was leaving her account heading Bulgaria. To stop it, he first required the client to send an email, where he would send the details (in the hope that the client has such an email set as his username). The telephone number he previously had was the only one of the clients, so he used it as another level of verification of the login from the new device. Now the client has been notified on her device with a request to confirm the login in the KB key. The fraudster informed the client that with this confirmation he authorized the suspension of the fraudulent payment and the client, upset and asleep, confirmed this operation in the KB key without checking. This granted the fraudster access to banking and under the same legend a moment later authorized KB with a key transaction entered by the fraudster for 31,000. Fortunately, we managed to stop the payment in cooperation with colleagues in the beneficiary's bank, but not all stories have to end happily.